BeBop Sync service will move content from S3 to BeBop editorial storage. To accomplish this, customers can attach the following bucket policy to their S3 buckets to grant access to BeBop without sharing the AWS keys.


Please replace BebopCustomerRole with the role provided to you and BucketName with the bucket name the policy is applied to.


Policies


Read-Write

{

    "Version": "2012-10-17",

    "Id": "Policy1500414757803",

    "Statement": [

        {

            "Sid": "Stmt1500414754089",

            "Effect": "Allow",

            "Principal": {

                "AWS": [ "arn:aws:iam::320920465553:role/BebopCustomerRole", "arn:aws:iam::320920465553:user/BebopCustomerRole" ]

            },

            "Action": [

                "s3:ListBucket",

                "s3:GetObject",

                "s3:GetObjectTagging",

                "s3:PutObject",

                "s3:PutObjectTagging"

            ],

            "Resource": [

                "arn:aws:s3:::BucketName",

                "arn:aws:s3:::BucketName/*"

            ]

        }

    ]

}


For Read-Only Access please omit 

                "s3:PutObject",

                "s3:PutObjectTagging"


Required Information from Customer

Please provide us with the following information:

  • If there are 2 buckets
    • Bucket name content going Into BeBop
      • Ex: /dark-knight-to-bebop
    • Bucket name for content coming Out of BeBop
      • Ex: /dark-knight-from-bebop
  • If there is only 1 bucket with read/write permissions
    • Bucket name and sub-folder for content going Into Bebop
      • Ex: /dark-knight/trailer/dailies
    • Bucket name and sub-folder for content coming Out of Bebop
      • Ex: /dark-knight/trailer/selects


Step By Step

  1. Login to AWS Console and go to S3 Console
  2. Click on the desired bucket
  3. Select Permissions Tab and Click on Bucket Policy
  4. Past the bucket policy from above.
    1. Replace the BebopCustomerRole & BucketName

References

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html



For any questions or problems, please create a ticket on the BeBop Helpdesk.